General
rust-keylock is a password manager and its goals are to be:
- Secure
- Simple to use
- Portable
- Extensible
The core logic is written in Rust, but the presentation/User interaction parts are in different languages.
Warning
The project has not yet received any formal/official security reviews. Use it at your own risk.
Features
Security
- The data is locked with a user-defined master password, using bcrypt password hashing.
- Encryption using AES with CTR mode.
- Data integrity checks with SHA3 (Keccak).
- During runtime, the passwords are kept encrypted in memory.
- During runtime, the encryption keys are stored in safe, non-swappable memory.
- Upon saving, the encryption keys change, even if the user master password remains the same. This results to different encrypted products, even if the data that is being encrypted is the same.
- Passphrases generation using Diceware.
- Passwords health check against pwned passwords list, leveraging the k-anonimity API.
Data Availability
- Synchronization over Dropbox.
- Synchronization over Nextcloud or Owncloud.
- Export/import encrypted passwords to/from the filesystem.
- Automatic backups.
Application Portability
See how to download and install.
The rust-keylock library and the editor apps
The rust-keylock library handles the core application logic, whereas the interaction with the rust-keylock users is done via apps that have presentation responsibilities.
The core library manages the whole lifecycle of the application, including encryption/decryption, synchronization, storing and retrieving encrypted data from the filesystem etc.
The Editors are driven by the rust-keylock library and are responsible for interacting with the Users, transfering the Users’ input to the library.